Rights module does not affect controllers in sub directory

Hello all, this is my first post for a new topic, sorry if it looks messy. I use the rights module for managing access control, but I found one problem: my rights module does not affect controllers placed in a sub directory.

This is the hierarchy of my protected/controllers directory:

-- controllers/
   -- UserController
   -- izin/
      -- StoreController

So the url will be: mysite/izin/store/create and so on…

On the other hand, I have a user with the role ‘Operator’ and I assigned the ‘Store.Create’ operation to this role, but what I get is a 403 error when the user wants to access the url. This means the permission I have set does not affect this controller, right?

To solve this, I have to add this function in StoreController:

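public function allowedActions() {
    //if(Yii::app()->user->checkAccess('Gudang.Create')) return 'index, create, view, update'; // does not affect
    // $user is not defined in the posted snippet; it has to hold the current user's record
    if($user->role == 'Operator') return 'index, create, view, update';
    // No actions are exempt from the Rights check for any other role
    return '';
}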

The code works well, but I think there should be a better way to solve my problem. Can any of you help me?

Thanks a lot,


Just found this topic since I had the same problem. The solution is to replace lines 40-41 in rights/components/RightsFilter.php:


39 // Append the controller id to the authorization item name
40 preg_match('([^/]+$)', $controller->id, $matches);
41 $authItem .= ucfirst(implode($matches));

The problem is that subfolders get prepended to the controller id, and so the authItem does not match. The regex checks for the part after the last slash, and if there is no slash, returns the string. $matches will always be one hit, that’s why I just implode it.
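Added example (not part of the original posts and not Rights module code): it compares the auth item name built from the full controller id with the name built by the replacement lines above, and lists controllers that end up sharing one item. Once the sub directory is dropped, same-named controllers in different sub directories are covered by a single permission such as Store.Create, which is worth checking before applying the patch. It assumes the unpatched filter uses ucfirst() of the whole controller id, as the post describes; the function names and the 'gudang/store' id are hypothetical.

```php
<?php
// Added illustration, not Rights module code. Function names are hypothetical.

// Assumed unpatched behaviour: the whole controller id is capitalised and used.
function authItemStock(string $controllerId, string $actionId): string
{
    return ucfirst($controllerId) . '.' . ucfirst($actionId);
}

// Behaviour with the replacement lines from the post: last path segment only.
function authItemPatched(string $controllerId, string $actionId): string
{
    preg_match('([^/]+$)', $controllerId, $matches);
    return ucfirst(implode($matches)) . '.' . ucfirst($actionId);
}

// Group controller ids by the item prefix the patched filter would use and
// return only the prefixes shared by more than one controller.
function findCollisions(array $controllerIds): array
{
    $byItem = [];
    foreach ($controllerIds as $id) {
        preg_match('([^/]+$)', $id, $matches);
        $byItem[ucfirst(implode($matches))][] = $id;
    }
    return array_filter($byItem, function (array $ids): bool {
        return count($ids) > 1;
    });
}

// Constructed sample ids: 'user' and 'izin/store' follow the thread's layout,
// 'gudang/store' is a made-up second sub directory.
$ids = ['user', 'izin/store', 'gudang/store'];

foreach ($ids as $id) {
    printf("%-14s stock=%-22s patched=%s\n", $id,
        authItemStock($id, 'create'), authItemPatched($id, 'create'));
}

// Every prefix listed here is one permission that opens several controllers.
foreach (findCollisions($ids) as $item => $sharing) {
    printf("%s.* is shared by: %s\n", $item, implode(', ', $sharing));
}
```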

Yes, it works for me.